Cisco IOS Security Checklist

Cisco Reference

Here's some useful Cisco information that we've compiled over the last few years.

Router Performance

Gigabit Ethernet

Cisco 2500 Series Map

IOS Security Checklist


Router(config)#service password-encryption
Router(config)#enable secret
                                                                                
Secure Console Ports
Secure AUX Ports
 Router(config-line)# login
 Router(config-line)# password
Secure VTY Ports
 Router(config-line)# login
 Router(config-line)# password
 Router(config-line)# ip access-class (VTY ONLY)
 Router(config-line)# transport input telnet (VTY ONLY)
                                                                                
Guard against sessions accidentally left idle ?
Router(config)# service tcp-keepalives-in
                                                                                
Warning Banners
Router(config)# banner login
banner login ^C
----- whatever Systems, Inc. -----
No unauthorized access to this device will be permitted.
All actions are logged
^C
                                                                                
                                                                                
Router(config)# no ip http server
                                                                                
Logging
Rotuer(config)# logging trap notifications
Rotuer(config)# logging (server)
                                                                                
Time
Router(config)# service timestamps log datetime
Router(config)# service timestamps debug datetime
                                                                                
Anti-Spoofing
Router(config-if)# ip verify unicast rpf
                                                                                
Directed Broadcasts
Router(config-if)# no ip directed-broadcast
                                                                                
No IP Source ROuting
Router(config)# no ip source-route
                                                                                
Remove Unnecessary services
no service tcp-small-servers
no service udp-small-servers
no service finger

Disable CDP
no cdp run

SNMP access list
snmp-server community whatever RO x

© 2003, 2004 Free-Labs.com, Free-Tests.com, Expert-Labs.com, Accelinetworks.
This Website is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco, Cisco Systems, CCDA, CCNA, CCDP, CCNP, CCIE, CCSI, CCIP, the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries.
Q